I have finished a streaming SipHash library for Arduino. It is available here (http://www.forward.com.au/pfod/SipHashLibrary/index.html)

From the https://131002.net/siphash/ page

Quote

SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions) optimized for speed on short messagesSipHash is secure, fast, and simple (for real):SipHash is simpler and faster than previous cryptographic algorithms (e.g. MACs based on universal hashing)SipHash is competitive in performance with insecure non-cryptographic algorithms (e.g. MurmurHash)

The library is small (~1200 bytes code and 42byte RAM) and fast and uses 128bit secret keys.

I will be using it to provide a per message MAC (http://en.wikipedia.org/wiki/Message_authentication_code) for authentication and verification of pfod (www.pfod.com.au) messages to provide security against hackers taking control of my pfodDevice when I am accessing it over the internet.

See http://www.forward.com.au/pfod/secureChallengeResponse/index.html for the detailed design of the message security.

The key is 128bits i.e. 16 bytes, all bits are used. Upper and lower nibbles in each byte are used.For security this key MUST BE RANDOM. See the "Generating the Password" section towards the bottom of http://www.forward.com.au/pfod/secureChallengeResponse/index.html for a method of getting 'random' keys

The message size in unlimited (by the SipHash)you call SipHash.updateHash((byte)c); for each byte in the message. SipHash internally accumulates 8 bytes and then adds them to the hash and then discards them.In finalize() SipHash adds the msg length % 256. The code assigns one byte to keep this value and updates it each time updateHash() is called.

So it does not encrypt the message, just creates a hash, so when I send a message to my second arduino (B), the B creates the hash (based on the same secret key I have got) upon the message, the B sends me the hash back, and I may compare the B-hash with my hash I did for the same message before. When my compare of both hashes match, I know a) the B is my friend, b) the message has not been altered by somebody during the transport to the B. Is my understanding correct please?

Correct, the message is not encrypted (hidden). BUT the hash lets you check i) that the other party has the same secret key ii) that the message has not be modified by some third party.

There are a few more details that need to be attended to See http://www.forward.com.au/pfod/secureChallengeResponse/index.html for the detailed security design based on this (or some other) secure hash.matthew